Virus watch: Mimail topples Klez

NEWS The Mimail worm has snatched prime position away from Klez by becoming the fastest spreading internet menace, according to mail filtering company MessageLabs, and is finding rich pickings among home PCs. The veteran Klez, which was discovered all the way back in April last year, has slipped to second position, just one week after Mimail's debut as the internet's new "bad boy" on the block. MessageLabs has detected 143,709 copies of Mimail since 1 August, but the "all time high" prize will probably remain unchallenged for a while longer - MessageLabs has seized more than seven million copies of Klez over the last 18 months or so. Despite being far less complex than the Klez worm, which used network shares and emails to spread, the Mimail worm uses a social engineering technique to trick a user into opening an attachment. The message is disguised as an announcement from the target's ISP administrator - it invariably spoofs the address admin@targetdomain - so one striking silicon.com's offices might appear as being from admin@silicon.com - thus appearing at first glance, or to the uninitiated, to be official. The attachment itself is an HTML file that exploits a vulnerability in Internet Explorer - it executes itself and begins to spread. However, despite it corporate-orientated engineering, Mimail has been felt most by home users, according to security consultant Daniel Lewkovitz. He says getting the message about securing the home PC across to the mums, dads and grandparents is tough - they simply don't understand that they need to patch their systems. Staff, ZDNet Australia